prevent ArrayIndexOutOfBoundException in UnknowEscherRecord, see bug #49579

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@979747 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yegor Kozlov 2010-07-27 15:24:25 +00:00
parent c21d04a68b
commit 0cc825e8dc
3 changed files with 52 additions and 0 deletions

View File

@ -34,6 +34,7 @@
<changes>
<release version="3.7-beta2" date="2010-??-??">
<action dev="POI-DEVELOPERS" type="add">49579 - prevent ArrayIndexOutOfBoundException in UnknowEscherRecord</action>
<action dev="POI-DEVELOPERS" type="add">49593 - preserve leading and trailing white spaces in XWPFRun</action>
<action dev="POI-DEVELOPERS" type="add">49455 - Insert the content of fldSimple fields into the XWPFWordTextExtractor output</action>
<action dev="POI-DEVELOPERS" type="add">49640 - Fixed parsing formulas containing defined names beginning with an underscore</action>

View File

@ -28,6 +28,7 @@ import org.apache.poi.util.LittleEndian;
* we do not explicitly support.
*
* @author Glen Stampoultzis (glens at apache.org)
* @author Zhang Zhang (zhangzzh at gmail.com)
*/
public final class UnknownEscherRecord extends EscherRecord {
private static final byte[] NO_BYTES = new byte[0];
@ -42,6 +43,17 @@ public final class UnknownEscherRecord extends EscherRecord {
public int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory) {
int bytesRemaining = readHeader( data, offset );
/*
* Modified by Zhang Zhang
* Have a check between avaliable bytes and bytesRemaining,
* take the avaliable length if the bytesRemaining out of range.
* July 09, 2010
*/
int avaliable = data.length - (offset + 8);
if (bytesRemaining > avaliable) {
bytesRemaining = avaliable;
}
if (isContainerRecord()) {
int bytesWritten = 0;
thedata = new byte[0];
@ -58,6 +70,7 @@ public final class UnknownEscherRecord extends EscherRecord {
}
return bytesWritten;
}
thedata = new byte[bytesRemaining];
System.arraycopy( data, offset + 8, thedata, 0, bytesRemaining );
return bytesRemaining + 8;

View File

@ -76,7 +76,45 @@ public final class TestUnknownEscherRecord extends TestCase {
assertTrue( r.isContainerRecord() );
assertEquals( 1, r.getChildRecords().size() );
assertEquals( (short) 0xFFFF, r.getChild( 0 ).getRecordId() );
//Add by Zhang Zhang test error situation when remaining bytes > avalible bytes
testData =
"00 02 " + // options
"11 F1 " + // record id
"05 00 00 00 " + // remaining bytes
"01 02 03 04";
r = new UnknownEscherRecord();
r.fillFields( HexRead.readFromString( testData ), factory );
assertEquals( 0x0200, r.getOptions() );
assertEquals( (short) 0xF111, r.getRecordId() );
assertEquals( 12, r.getRecordSize() );
assertFalse( r.isContainerRecord() );
assertEquals( 0, r.getChildRecords().size() );
assertEquals( 4, r.getData().length );
assertEquals( 1, r.getData()[0] );
assertEquals( 2, r.getData()[1] );
assertEquals( 3, r.getData()[2] );
assertEquals( 4, r.getData()[3] );
testData =
"0F 02 " + // options
"11 F1 " + // record id
"09 00 00 00 " + // remaining bytes
"00 02 " + // options
"FF FF " + // record id
"00 00 00 00"; // remaining bytes
r = new UnknownEscherRecord();
r.fillFields( HexRead.readFromString( testData ), factory );
assertEquals( 0x020F, r.getOptions() );
assertEquals( (short) 0xF111, r.getRecordId() );
assertEquals( 8, r.getRecordSize() );
assertTrue( r.isContainerRecord() );
assertEquals( 1, r.getChildRecords().size() );
assertEquals( (short) 0xFFFF, r.getChild( 0 ).getRecordId() );
}
public void testSerialize() {